Systems and methods for risk triggering values

ABSTRACT

The invention includes systems and methods for facilitating risk assessment for point of sale transactions utilizing at least one risk triggering value (RTV) stored within a distributed (e.g., local and/or regional) processing site. An RTV is a condensed version of a set of complex risk data and strategies usually found in central processing sites. The distributed site, after receiving a request for payment authorization, a risk value is calculated for the request. The distributed processing site compares the risk value to the RTV to determine whether to authorize payment. If the risk value is less than or equal to the RTV, the payment is authorized while a risk value greater than the RTV will not be authorized. After one or more authorizations, the distributed processing site forwards the information from the transaction(s) to the central site, wherein the central site calculates a new RTV for the account and distributes the new RTV to the distributed processing site.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of, and claims priority to,U.S. Ser. No. 10/907,511 filed Apr. 4, 2005, which is herebyincorporated by reference in it entirety.

FIELD OF INVENTION

The invention generally relates to payment authorization for commercialtransactions, and more particularly, to assessing an amount of riskrelated to a request for payment authorization received at a distributedprocessing site.

BACKGROUND OF THE INVENTION

A merchant often receives a payment instrument (e.g., credit card,pre-paid card, charge card, debit card, smart card, stored-value card,etc.) to facilitate payment for items (e.g., goods, services,information, etc) a consumer wishes to purchase. The merchant may use apoint of sale (POS) device to request authorization for the purchase byswiping the payment instrument through the POS device. The POS devicethen usually communicates to a distributed processing site—which may belocal and/or regional—acting as a concentrator and providing value addservices. Normally, the authorization request is forwarded from thedistributed processing site to a central processing site forauthorization processing. The central processing site acts as a “largefootprint” because of it physical size, amount of processing power andlarge storage capability, and may also include complex risk data andstrategies, which are not found within distributed processing sites.After a risk assessment for the transaction is processed, the centralprocessing site transmits, via the distributed processing site ordirectly, the results of the payment authorization to the POS devicebased upon the perceived risk.

There are occasions, however, where a distributed processing site, andnot a central processing site, may authorize payment. Currently, theauthorization at distributed processing sites is based upon factors,such as, for example, floor limits, negative and positive file lists,and possibly some accumulation of recent transaction instrument usage.These relatively simple factors are adequate for some situations (e.g.,payment requests for small amounts, payment requests from merchantswithin the same zip code as the user's billing address, and the like),but many situations require distributed processing sites to forward theauthorization request to a central processing site because of thecentral processing site's greater ability to assess risk by utilizingmore complex factors. Because a central processing site may be connectedto multiple distributed processing sites, the central processing sitemay become too busy and not operate efficiently (i.e., not transmittingan authorization or decline within a relatively short period of time),or may become so busy that it may not completely fail to transmit anindication of authorization or decline. Furthermore, a centralprocessing site may also transmit inaccurate authorizations or declinesif it becomes too busy. Thus, systems and methods are needed that allowdistributed processing sites to process and transmit paymentauthorization and declines for transactions requiring more complex riskassessment.

SUMMARY OF THE INVENTION

The invention relates to systems and methods for determining the resultsof an authorization of payment requests at a distributed processingsite. A set of complex risk data and strategies is condensed at acentral processing site to establish one or more risk triggering value(RTV). The RTV may be distributed from the central processing site toone or more distributed (local and/or regional) processing sites,wherein the distributed processing site receives a request from amerchant point of sale device for payment authorization. The distributedprocessing site then calculates a risk value for the request andcompares the risk value to the RTV for that type of account, type ofconsumer, and/or that particular account. If the RTV is greater than orequal to the risk valve, the payment request is authorized. If the RTVis lower than the risk valve, the payment request is declined orforwarded to a central processing site for further processing and/oranalysis prior to authorization or denial. In situations where thepayment request is authorized, the distributed processing site sends thetransaction information (either individually or as a batch) to thecentral processing site wherein the central processing site processesthe information to calculate a new RTV, and distributes the new RTV tothe distributed processing sites.

The invention includes a computer-implemented method to facilitateauthorization of a payment request at a distributed processing sitecomprising the steps of: condensing a set of risk data and strategies,wherein the set of risk data and strategies are managed at a centralprocessing site, and the condensed set of risk data and strategiescomprise a risk triggering value (RTV); distributing the RTV to at leastone distributed processing site; receiving a request for paymentauthorization from a merchant point of sale device, wherein the requestis received at the distributed processing site; and, determining at thedistributed processing site whether to transmit a payment authorizationto the merchant POS device, wherein the payment authorization is basedin part upon the RTV, and wherein the step of determining whether totransmit payment authorization comprises the steps of: calculating arisk value for the request, comparing the risk value to the RTV, and atleast one of transmitting a payment authorization when the risk value isat least one of less than and equal to the RTV, and transmitting adecline message when the risk value is greater than the RTV.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a system to facilitate paymentauthorization at one or more distributed processing sites in accordancewith an embodiment of the present invention; and,

FIG. 2 is a flow diagram of a method to facilitate payment authorizationat one or more distributed processing sites in accordance with anembodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The detailed description of exemplary embodiments of the inventionherein makes reference to the accompanying figures, which show theexemplary embodiment by way of illustration and its best mode. Whilethese exemplary embodiments are described in sufficient detail to enablethose skilled in the art to practice the invention, it should beunderstood that other embodiments may be realized and that logical andmechanical changes may be made without departing from the spirit andscope of the invention. Thus, the detailed description herein ispresented for purposes of illustration only and not of limitation. Forexample, the steps recited in any of the method or process descriptionsmay be executed in any order and are not limited to the order presented.

For the sake of brevity, conventional data networking, applicationdevelopment and other functional embodiments of the systems (andcomponents of the individual operating components of the systems) maynot be described in detail herein. Furthermore, the connecting linesshown in the various figures contained herein are intended to representexemplary functional relationships and/or physical couplings between thevarious elements. It should be noted that many alternative or additionalfunctional relationships or physical connections may be present in apractical system.

Turning now to the figures, FIG. 1 is a block diagram illustrating anexemplary embodiment of a system 100 utilizing at least one merchantpoint of sale (POS) device 110 to facilitate authorizing a paymentrequest at one or more distributed processing sites (DPS) 120. In oneembodiment, system 100 facilitates the secure transmission of requestsfor payment authorization and approval of such requests between POSdevice 110 and DPS 120.

The invention contemplates that POS device 110 is any software and/orhardware suitably configured to facilitate a purchase. In oneembodiment, POS device 110 is configured to receive payment data and/ortransaction data. POS device 110, in another embodiment, is configuredto transmit a request for payment authorization, which may includepayment data and transaction data, to at least one DPS 120. In yetanother embodiment, POS device 110 is a consumer computing unit in theform of a personal computer, however, other types of computing unitssuch as, for example, laptops, notebooks, hand held computers, set-topboxes, cellular telephones, touch-tone telephones and the like may beused. Moreover, POS device 110 may be a merchant computing unitimplemented in the form of a computer-server, although otherimplementations are contemplated. Furthermore, reference to a single POSdevice 110, DPS 120, central processing site (CPS) 130 (discussed below)or any other component described herein may also include a plurality ofthe respective device such as, for example, more than one POS device 110(e.g., POS devices 112 and 114), DPS 120, CPS 130 or other component,respectively.

As used herein, the term “transmit” includes, for example, sendingelectronic data from one system component to another over a networkconnection. Additionally, as used herein, the term “data” includes, forexample, encompassing information such as commands, queries, files, datafor storage, and the like in digital or any other form. The term“transaction data” includes, for example, the amount of purchase, atleast one payment instrument account number, at least one itemidentifier for each item being purchased, loyalty information,demographic information and/or any other data helpful in processing atransaction. A payment instrument may include, for example, a creditcard, a debit card, a charge card, a RFID, a chip based card, a storedvalue card and/or any other instrument capable of being presented forpayment of an item. An “account” or “account number”, as used herein,may include, for example, any device, code, number, letter, symbol,digital certificate, smart chip, digital signal, analog signal,biometric or other identifier/indicia suitably configured to allow theconsumer to access, interact with or communicate with the system (e.g.,one or more of an authorization/access code, personal identificationnumber (PIN), Internet code, other identification code, and/or thelike). The account number may optionally be located on or associatedwith a rewards card, charge card, credit card, debit card, prepaid card,telephone card, embossed card, smart card, magnetic stripe card, barcode card, transponder, radio frequency card or an associated account.The system may include or interface with any of the foregoing cards ordevices, or a fob having a transponder and RFID reader in RFcommunication with the fob. Although the present invention may include afob embodiment, the invention is not to be so limited. Indeed, system100 may include any device having a transponder configured tocommunicate with RFID reader via RF communication. Typical devices mayinclude, for example, a key ring, tag, card, cell phone, wristwatch orany such form capable of being presented for interrogation. Moreover,the system, computing unit or device discussed herein may include a“pervasive computing device,” which may include a traditionallynon-computerized device that is embedded with a computing unit. Examplesmay include, for example, watches, Internet enabled kitchen appliances,restaurant tables embedded with RF readers, wallets or purses withimbedded transponders, etc.

The account number may be distributed and stored in any form of plastic,electronic, magnetic, radio frequency, wireless, audio and/or opticaldevice capable of transmitting or downloading data from itself to asecond device. A consumer account number may be, for example, asixteen-digit credit card number, although each credit provider has itsown numbering system, such as the fifteen-digit numbering system used byAmerican Express. Each company's credit card numbers comply with thatcompany's standardized format such that the company using asixteen-digit format will generally use four spaced sets of numbers, asrepresented by the number “0000 0000 0000 0000”. The first five to sevendigits are reserved for processing purposes and identify the issuingbank, card type, etc. In this example, the last (sixteenth) digit isused as a sum check for the sixteen-digit number. The intermediaryeight-to-ten digits are used to uniquely identify the consumer. Amerchant account number may be, for example, any number or alpha-numericcharacters that identifies a particular merchant for purposes of cardacceptance, account reconciliation, reporting, or the like.

As used herein, an “item” includes, for example, one or more data,information, good and/or service capable of being exchanged betweenentities. In addition, an “item identifier” may include, for example, auniversal product code (UPC), a stockkeeping unit (SKU), a serialnumber, a reference number, a category number, a service type indicator,a description and/or other any other information capable of identifyingan item.

As discussed above, system 100 also includes DPS 120, wherein DPS 120includes any hardware and/or software suitably configured to communicateand/or process transaction information. In an exemplary embodiment, DPS120 (or any other computer component discussed herein) includes aprocessor for processing digital data, a memory coupled to the processorfor storing digital data, an input digitizer coupled to the processorfor inputting digital data, an application program stored in the memoryand accessible by the processor for directing processing of digital databy the processor, a display device coupled to the processor and memoryfor displaying information derived from digital data processed by theprocessor, and a plurality of databases. Though shown in the figures asa main frame computer, in other embodiments, DPS 120 is implemented as amini-computer, a PC server, a network of computers located in the sameor different geographic locations, or the like.

In one exemplary embodiment, DPS 120 is configured to receive andprocess a request for payment authorization from POS device 110. Assuch, an electronic commerce system may be implemented at DPS 120 andPOS device 110. In one embodiment of the invention, the electroniccommerce system is implemented as computer software modules loaded ontoPOS device 110 and DPS 120 such that DPS 120 does not require anyadditional software to participate in any online commerce transactionssupported by an electronic commerce system. Furthermore, DPS 120 is alsoconfigured in one embodiment to transmit payment authorization and/ordeclines to POS device 110 based upon a comparison of the requestedpayment amount to a risk-triggering value (RTV) 125 (discussed below)stored/managed within DPS 120. In one embodiment of the invention, eachconsumer may have an RTV 125 stored/managed within DPS 120 and/or DPS120 may store/manage at least one RTV 125 applicable to some or allconsumers.

In another embodiment, DPS 120 is configured to communicate with CPS130, which may include transmitting transaction data to CPS 130. In oneexemplary embodiment of the invention, DPS 120 is configured to receiveand store at least one RTV 125 received from CPS 130. RTV 125, in oneexemplary embodiment, is a condensed version of a set of complex riskdata and strategies 135. In one embodiment of the invention, RTV 125(and new RTV 125′, discussed below) is an alphanumeric value (e.g., adollar value, an integer value, a fraction, a decimal value, and thelike). In another embodiment, RTV 125 also includes condensed data andstrategies comprised of one or more transaction variables and/or one ormore environmental variables. Transaction variables include, forexample, whether the transaction instrument is present at the time ofpurchase, transaction amount, account type (charge, credit, debit,pre-paid, etc.), account status (e.g., gold card, preferred member,etc.), type of item being purchased, consumer location, merchantclassification, merchant location, token type, history of payment,consumer's ability to pay, and any other variable that may affect theamount of risk involved in authorizing a transaction. Similarly,environmental variables include, for example, date of transaction; timeof transaction; seasonal holidays; special event; and health of domain,nodes, and/or data quality (e.g., all of the fields are filled and/orare accurate).

In one embodiment, DPS 120 is coupled to POS device 110 (and POS devices112 and 114) via network 140. Network 140 includes, for example, anyelectronic communications means which incorporates hardware and/orsoftware components of such. Communication among the devices inaccordance with the present invention may be accomplished through anysuitable communication channels, such as, for example, a telephonenetwork, an extranet, an intranet, Internet, point of interaction device(point of sale device, personal digital assistant, cellular phone,kiosk, etc.), online communications, satellite communications, off-linecommunications, wireless communications, transponder communications,local area network (LAN), wide area network (WAN), networked or linkeddevices, keyboard, mouse and/or any suitable communication or data inputmodality. Moreover, although the invention is frequently describedherein as being implemented with TCP/IP communications protocols, theinvention may also be implemented using IPX, Appletalk, IP-6, NetBIOS,OSI or any number of existing or future protocols. If the network is inthe nature of a public network, such as the Internet, it may beadvantageous to presume the network to be insecure and open toeavesdroppers. Specific information related to the protocols, standards,and application software utilized in connection with the Internet isgenerally known to those skilled in the art and, as such, need not bedetailed herein. See, for example, DILIP NAIK, INTERNET STANDARDS ANDPROTOCOLS (1998); JAVA 2 COMPLETE, various authors, (Sybex 1999);DEBORAH RAY AND ERIC RAY, MASTERING HTML 4.0 (1997); and LOSHIN, TCP/IPCLEARLY EXPLAINED (1997) and DAVID GOURLEY AND BRIAN TOTTY, HTTP, THEDEFINITIVE GUIDE (2002), the contents of which are hereby incorporatedby reference. Moreover, system 100 contemplates the use, sale ordistribution of an item or information over any network having similarfunctionality described herein.

System 100, in one exemplary embodiment, includes CPS 130 coupled to DPS120. CPS 130 may be any hardware and/or software suitably configured tofacilitate authorizing and/or declining a payment request for commercialtransactions involving financial accounts. In one exemplary embodiment,CPS 130 stores and/or manages at least one set of complex risk data andstrategies 135. CPS 130, in another exemplary embodiment, is configuredto condense a set of complex risk data and strategies 135 to calculateRTV 125, and transmit RTV 125 to at least one DPS 120. In addition, inan exemplary embodiment, CPS 130 is configured to periodically receivetransaction data from DPS 120 and process the data to calculate a newRTV 125′, which is then transmitted to DPS 120.

In one embodiment of the invention, a set of complex risk data andstrategies 135 may include information related to individual credit,charge, pre-paid, and/or debit accounts. For example, CPS 130 mayinclude information related to the consumer's payment history, abilityto pay, and/or any other information helpful in determining theconsumer's credit worthiness. In another embodiment, set of complex riskdata and strategies 135 may include information related to the residenceof the consumer using, for example, the consumer's zip code,billing/street address, municipality information, and/or any otherinformation related to the consumer's residence. In yet anotherembodiment of the invention, set of complex risk data and strategies 135may include information related to the type of merchant which isrequesting payment. For example, CPS 130 may contain informationindicating that the requesting merchant is a florist, a gas station, agrocery store, an on-line seller, and the like. Furthermore, CPS 130 maycontain information related to the location of the merchant similar tothe information that may be contained for the consumer.

In one exemplary embodiment, a set of complex data and strategies 135includes positive and negative limits based upon the logistics of thetransaction. For example, set of complex data and strategies 135 mayinclude a positive limit indicating that gold card members (or any otherstatus) are automatically approved for certain amounts (e.g., $500.00)at certain merchants (e.g., Barnes & Noble) or websites (e.g.,eBay.com). As such, the invention contemplates that there are numerouspositive limits available for storage/management in CPS 130 based upon atransaction and/or environmental variable discussed above, or any otherappropriate positive limit. Similarly, CPS 130 may include, for example,a negative limit indicating that amounts over a certain amount (e.g.,$100.00) requested by certain merchant types (e.g., a gas station) areautomatically declined since the potential for fraud is high.Furthermore, the negative limit may also decline amounts over a certainamount (e.g., $200.00) at locations more than specified distance (e.g.,100 miles) from the consumer's residence/billing address. As such, theinvention contemplates that there are numerous negative limits availablefor storage/management in CPS 130 based upon one or more transactionand/or environmental variable discussed above, or any other appropriatenegative limit.

In one embodiment of the invention, DPS 120 and CPS 130 are owned and/oroperated by the same entity. In another embodiment, DPS 120 and CPS 130may be owned and/or operated by different entities. As such, the entityowning and/or operating DPS 120 may use the risk assessing resourcesand/or knowledge of the entity owning and/or operating CPS 130. In oneexemplary embodiment, the entity owning and/or operating CPS 130 maycharge a fee for providing RTV 125 to DPS 120, and any subsequent newRTVs 125′.

In one embodiment of the invention, system 100 is configured such thateach device (e.g., POS device 110, DPS 120, and/or CPS 130) isinterconnected via a second network (not shown), referred to as apayment network. The payment network, which may be part of certaintransactions, represents existing proprietary networks that presentlyaccommodate transactions for credit cards, debit cards, and other typesof financial/banking cards. The payment network is a closed network thatis assumed to be secure from eavesdroppers. Exemplary transactionnetworks may include the American Express®, VisaNet® or Veriphone®networks.

FIG. 2 is a flow diagram of one exemplary embodiment of a method 200 tofacilitate payment authorization at one or more DPS (e.g., DPS 120). Inone embodiment, method 200 initiates by a CPS (e.g., CPS 130) condensinga set of complex risk data and strategies (e.g., set of complex riskdata and strategies 135) to calculate an RTV (e.g., RTV 125) (step 210).In one embodiment, RTV 125 is calculated by condensing a large set ofhistorical transactions (e.g., purchases, cash advances, payments,disputes, and the like) available to system 100. These transactions mayspan the entire life of the account relationship and may even spanmultiple account relationships. In conjunction with the current paymentstatus, current billed and unbilled transactions, demographicinformation, financial information about the client, external creditinformation, and external scoring information, a set of calculations maycondense this large amount of data into one or more trigger points. Thetrigger point(s), in one embodiment, calculate the point(s) at which thetransaction will likely be profitable to the account issuer by assigninga value to each of the above-listed strategy attributes (e.g., longstanding customer=5.0, customer has above average income=7.0, customerhas high debt to income ratio=−3.5, etc.) and adding the trigger pointsto form RTV 125. Depending on the type of RTV 125 being established, aprofitability trigger (i.e., RTV 125) may additionally be multiplied bya perceived risk factor as a way to further ensure the transaction isprofitable to the account issuer. For example, a high-valued account(e.g., an account with a long history of timely payments) may bedetermined to be half as risky as the average account, and as such, RTV125 may be doubled for the high-valued account. Likewise, a low-valuedaccount (e.g., an account in default) may be determined to be ten timesmore risky than the average account, and as such, RTV 125 may be reducedby 90%.

After RTV 125 is calculated, in one exemplary embodiment, CPS 130distributes RTV 125 to at least one DPS 120 for DPS 120 to store and/ormanage (step 220). At some point, DPS 120 will receive a request forpayment authorization from one or more POS devices (e.g., POS devices110, 112, and/or 114) associated with DPS 120 (step 230). In oneexemplary embodiment, DPS 120 compares the requested amount to RTV 125(step 240). In one embodiment of the invention (e.g., when RTV 125 is adollar value), DPS 120 compares the requested dollar amount (i.e. a riskvalue) to the RTV 125 dollar amount. In another embodiment, DPS 120 mayprocess transaction information (e.g., transaction and/or environmentalvariables, discussed above) included in the request for paymentauthorization, calculate a risk value for the transaction, and comparethe risk value to RTV 125. In yet another embodiment of the invention,the risk value is calculated by assigning an individual risk value toeach transaction and/or environmental variable, and summing theindividual value(s) for comparison to RTV 125. In still anotherembodiment, each transaction and/or environmental variable may includean appropriate multiplier to further assess the risk for that particularrequest. For example, if the request is received from a merchant withina short distance from the consumer's residence, a negative multipliermay be included within the calculation of the risk value to indicate alesser likelihood of fraudulent activity. Likewise, a request from amerchant located a large distance from the consumer's residence mayinclude a positive multiplier since the risk of fraudulent use of thetransaction instrument is higher.

In an exemplary embodiment, if the risk value is less than or equal toRTV 125, DPS 120 transmits payment authorization to POS device 110 (step250). If the risk value is greater than RTV 125, DPS 120 declines thepayment request (step 250), and, in one embodiment, transmits a declinemessage. DPS 120, in one embodiment (and instead of sending a declinemessage if RTV 125 is less than the risk value), forwards the paymentrequest to CPS 130 for more in-depth risk assessment and/orauthorization procedures similar to current methods known in therelevant art(s).

The following example illustrates one example of how a risk value may becalculated by DPS 120, compared to RTV 125, and paymentauthorization/decline is transmitted. The example is but one example andthe nature of RTV 125 and the information contained in various paymentrequests allows for numerous possibilities, all of which arecontemplated by the invention. RTV 125 may include, for example, a 1.5risk multiplier for request amounts greater than $500.00, an automatic−100 risk value for requests from merchants within 20 miles of theconsumer's residence, an automatic +200 risk value for a request from amerchant farther than 20 miles from the consumer's residence (oron-line, or “card not present” transactions), a 5.0 risk multiplier forrequests from a gas station, and a 4.0 risk multiplier for requests froman electronics merchant. If RTV 125 is 499, DPS 120 will decline a$60.00 request from a gas station located 25 miles from the consumer'sresidence because (5.0*60)+200=500, or may forward the request to CPS130 for further risk assessment and authorization. In another example,if RTV 125 is 1500, DPS 120 will authorize payment for a $400.00 requestfrom an electronics merchant located 19 miles from the consumer'sresidence because (4.0*400)−100=500.

If RTV 125 includes a positive and/or negative limit, DPS 120 willauthorize or decline a payment request in a manner similar to the aboveexample. For example, if a negative limit (i.e., a risk value)automatically declines requests for amounts greater than $50.00 from agas station, DPS 120 will decline any request from a gas station for$50.01 or greater, regardless of the location of the gas station.Likewise, if a positive limit (i.e., a risk value) of $500.00 is inplace for all consumers from, for example, Amazon.com, DPS 120 willautomatically authorize payment for amounts of $500.00 or less.Furthermore, if, for example, a consumer wishes to make a purchase fromAmazon.com for an amount greater than $500.00 (e.g., $600.00), DPS 120may perform a calculation (either $600.00*1.5=900 or$500.00+[$100.00*1.5]=650) similar to the example above to determine therisk value for the transaction, and compare such value to the currentRTV 125 in place.

After transmitting payment authorization, in an exemplary embodiment,DPS 120 transmits the transaction information to CPS 130 (step 260).Upon receipt of the transaction information, CPS 130, in an embodiment,utilizes the transaction information to calculate a new RTV 125′ (step270). New RTV 125′ may be the same as RTV 125 or may be a differentvalue (which may include new risk data and/or strategies; and/or excludesome risk data and/or strategies). New RTV 125′, in one exemplaryembodiment, is then distributed to at least one DPS 120 (step 280). Theinvention contemplates that steps 230 through 280 may then be repeatednumerous times as requests for payment authorizations are received andauthorized (step 290).

In another embodiment, all or any portion of the functionality of DPS120 and/or CPS 130 (as discussed herein) resides at a merchant site suchas, for example, within a server or POS device. For the sake ofexplanation, this embodiment will be described as a merchant locatedDPS. In such embodiments where certain additional functions are locatedat the merchant, DPS 120 and/or CPS 130 may (or may not) still exist toperform some or all of their functions.

For example, a merchant located DPS may receive RTV 125 for any numberof consumers from DPS 120 at regular intervals, or when an RTV 125 isupdated. Practitioners will appreciate that a merchant located DPS mayretain an entire database of RTVs as provided by CPS 130 or a subsetthereof. In one embodiment, a merchant may obtain a RTV 125 when acustomer first uses a transaction instrument (e.g., credit card, debitcard, check) to facilitate a purchase with a particular merchant andsubsequently store the RTV within a local database. For example, when afirst time customer of a sporting goods store uses his credit card topurchase a tennis racket, a merchant located DPS searches a localdatabase for an RTV corresponding to the credit card. Because thecustomer has not previously purchased from the sporting goods store, acorresponding RTV will not be located. As a result, the merchant locatedDPS sends a purchase authorization request to a primary DPS 120. Alongwith an authorization signal, the primary DPS 120 sends an RTVcorresponding to the customer's credit card. The merchant located DPSstores the RTV, thus any subsequent purchases from the customer may beauthorized by the merchant located DPS.

A combination of the various disclosed embodiments may be employed toenable merchants to access RTVs for purchases when, for example, DPS 120is offline. Accordingly, a merchant may process purchase transactions bytransmitting an authorization request to DPS 120 under normalcircumstances, while transmitting authorization requests to the merchantlocated DPS when the DPS 120 is not available due to technical problemsor for any other reason. DPS 120 may also employ velocity checking todetermine when the volume of authorization requests reaches apredetermined threshold. When the volume of authorization requestsreaches a predetermined threshold, DPS 120 triggers a flag which informsall, or a subset of, merchant POS systems that authorization requestsshould be processed by the merchant located DPS. When the flag islifted, then the merchant located DPS may transmit an update of RTVs toDPS 120 to synchronize with RTV 125.

The merchant located DPS transmits post authorization notifications tocard issuer backend systems such that the authorizations completed atthe merchant located DPS may be processed in order to properly settlethe transactions. When the merchant located DPS authorizes a number oftransactions, for example, the merchant located DPS periodically uploadsthe post authorization notifications. The uploads may occur at anyinterval such as, for example, hourly, daily, weekly, and the like.

In another embodiment, a merchant located DPS employs velocity checkingto determine when the volume of authorization requests reaches apredetermined threshold. When the volume of authorization requestsreaches a predetermined threshold, the merchant located DPS triggers aflag which indicates that all, or a subset of, merchant POSauthorization requests should be processed by DPS 120 other merchantlocated DPSs.

In one embodiment, a local calculation of an RTV may be uploaded to DPS120 at any time (e.g., following a sale transaction). In anotherembodiment, the local calculations may be stored at the merchant locatedDPS and uploaded to DPS 120 at reoccurring intervals or upon reaching adefined number of transactions in batch mode.

In another embodiment, DPS 120 provides a merchant located DPS with RTVsbased on geographic location or any other parameter. For example, amerchant located in San Francisco may be provided with RTVs fortransaction instruments corresponding to consumers residing in SanFrancisco and surrounding areas. In yet another embodiment, a merchantmay be provided RTVs based on one or more demographics. For example, ahigh end jewelry store may receive RTVs for consumers earning above$200,000. In another example, a merchant catering to women may receiveRTVs corresponding to female credit card members.

Practitioners will appreciate that DPS 120 and CPS 130 may reside as asingle integrated system. Moreover, the functionality of CPS 130 mayreside at the merchant location alone or with the merchant located DPS.For example, strategies and data 135 may be downloaded to a merchant POSdevice at predefined intervals or whenever changes are made tostrategies and data 135.

Various databases used herein may include, for example, client data;merchant data; financial institution data; and/or like data useful inthe operation of system 100. As those skilled in the art willappreciate, a user computer may include an operating system (e.g.,Windows NT, 95/98/2000, OS2, UNIX, Linux, Solaris, MacOS, etc.) as wellas various conventional support software and drivers typicallyassociated with computers. The computer may also include any suitablepersonal computer, network computer, workstation, minicomputer,mainframe or the like. A user computer may be in a home or businessenvironment with access to a network. In an exemplary embodiment, accessis through a network or the Internet through a commercially availableweb-browser software package.

Any databases discussed herein may be any type of database, such asrelational, hierarchical, graphical, object-oriented, and/or otherdatabase configurations. Common database products that may be used toimplement the databases include DB2 by IBM (White Plains, N.Y.), variousdatabase products available from Oracle Corporation (Redwood Shores,Calif.), Microsoft Access or Microsoft SQL Server by MicrosoftCorporation (Redmond, Wash.), or any other suitable database product.Moreover, the databases may be organized in any suitable manner, forexample, as data tables or lookup tables. Each record may be a singlefile, a series of files, a linked series of data fields or any otherdata structure. Association of certain data may be accomplished throughany desired data association technique such as those known or practicedin the art. For example, the association may be accomplished eithermanually or automatically. Automatic association techniques may include,for example, a database search, a database merge, GREP, AGREP, SQL,using a key field in the tables to speed searches, sequential searchesthrough all the tables and files, sorting records in the file accordingto a known order to simplify lookup, and/or the like. The associationstep may be accomplished by a database merge function, for example,using a “key field” in pre-selected databases or data sectors.

More particularly, a “key field” partitions the database according tothe high-level class of objects defined by the key field. For example,certain types of data may be designated as a key field in a plurality ofrelated data tables and the data tables may then be linked on the basisof the type of data in the key field. The data corresponding to the keyfield in each of the linked data tables is preferably the same or of thesame type. However, data tables having similar, though not identical,data in the key fields may also be linked by using AGREP, for example.In accordance with one embodiment of the present invention, any suitabledata storage technique may be utilized to store data without a standardformat. Data sets may be stored using any suitable technique, including,for example, storing consumer files using an ISO/IEC 7816-4 filestructure; implementing a domain whereby a dedicated file is selectedthat exposes one or more elementary files containing one or more datasets; using data sets stored in consumer files using a hierarchicalfiling system; data sets stored as records in a single file (includingcompression, SQL accessible, hashed via one or more keys, numeric,alphabetical by first tuple, etc.); Binary Large Object (BLOB); storedas ungrouped data elements encoded using ISO/IEC 7816-6 data elements;stored as ungrouped data elements encoded using ISO/IEC Abstract SyntaxNotation (ASN.1) as in ISO/IEC 8824 and 8825; and/or other proprietarytechniques that may include fractal compression methods, imagecompression methods, etc.

In one exemplary embodiment, the ability to store a wide variety ofinformation in different formats is facilitated by storing theinformation as a BLOB. Thus, any binary information can be stored in astorage space associated with a data set. As discussed above, the binaryinformation may be stored on the financial payment instrument orexternal to but affiliated with the financial payment instrument. TheBLOB method may store data sets as ungrouped data elements formatted asa block of binary via a fixed memory offset using either fixed storageallocation, circular queue techniques, or best practices with respect tomemory management (e.g., paged memory, least recently used, etc.). Byusing BLOB methods, the ability to store various data sets that havedifferent formats facilitates the storage of data associated with thefinancial payment instrument by multiple and unrelated owners of thedata sets. For example, a first data set which may be stored may beprovided by a first party, a second data set which may be stored may beprovided by an unrelated second party, and yet a third data set whichmay be stored, may be provided by an third party unrelated to the firstand second party. Each of these three exemplary data sets may containdifferent information that is stored using different data storageformats and/or techniques. Further, each data set may contain subsets ofdata that also may be distinct from other subsets.

As stated above, in various embodiments of the present invention, thedata can be stored without regard to a common format. However, in oneexemplary embodiment of the present invention, the data set (e.g., BLOB)may be annotated in a standard manner when provided for manipulating thedata onto the financial payment instrument. The annotation may comprisea short header, trailer, or other appropriate indicator related to eachdata set that is configured to convey information useful in managing thevarious data sets. For example, the annotation may be called a“condition header”, “header”, “trailer”, or “status”, herein, and maycomprise an indication of the status of the data set or may include anidentifier correlated to a specific issuer or owner of the data. In oneexample, the first three bytes of each data set BLOB may be configuredor configurable to indicate the status of that particular data set;e.g., LOADED, INITIALIZED, READY, BLOCKED, REMOVABLE, or DELETED.Subsequent bytes of data may be used to indicate for example, theidentity of the issuer, user, transaction/membership account identifieror the like. Each of these condition annotations are further discussedherein.

The data set annotation may also be used for other types of statusinformation as well as various other purposes. For example, the data setannotation may include security information establishing access levels.The access levels may, for example, be configured to permit only certainconsumers, levels of employees, companies, or other entities to accessdata sets, or to permit access to specific data sets based on thetransaction, merchant, issuer, user or the like. Furthermore, thesecurity information may restrict/permit only certain actions such asaccessing, modifying, and/or deleting data sets. In one example, thedata set annotation indicates that only the data set owner or the userare permitted to delete a data set, various identified users may bepermitted to access the data set for reading, and others are altogetherexcluded from accessing the data set. However, other access restrictionparameters may also be used allowing various entities to access a dataset with various permission levels as appropriate.

The data, including the header or trailer may be received by a standalone interaction device configured to add, delete, modify, or augmentthe data in accordance with the header or trailer. As such, in oneembodiment, the header or trailer is not stored on the transactiondevice along with the associated issuer-owned data but instead theappropriate action may be taken by providing to the payment instrumentuser at the stand alone device, the appropriate option for the action tobe taken. The present invention may contemplate a data storagearrangement wherein the header or trailer, or header or trailer history,of the data is stored on the payment instrument in relation to theappropriate data.

One skilled in the art will also appreciate that, for security reasons,any databases, systems, devices, servers or other devices of system 100may consist of any combination thereof at a single location or atmultiple locations, wherein each database or system includes any ofvarious suitable security features, such as firewalls, access codes,encryption, decryption, compression, decompression, and/or the like.

System 100 may be described herein in terms of functional blockcomponents and various processing steps. It should be appreciated thatsuch functional blocks may be realized by any number of hardware and/orsoftware components configured to perform the specified functions. Forexample, system 100 may employ various integrated circuit components,e.g., memory elements, processing elements, logic elements, look-uptables, and the like, which may carry out a variety of functions underthe control of one or more microprocessors or other control devices.Similarly, the software elements of the present invention may beimplemented with any programming or scripting language such as C, C++,Java, COBOL, assembler, PERL, Visual Basic, SQL Stored Procedures,extensible markup language (XML), with the various algorithms beingimplemented with any combination of data structures, objects, processes,routines or other programming elements. Further, it should be noted thatthe present invention may employ any number of conventional techniquesfor data transmission, signaling, data processing, network control, andthe like. Still further, system 100 may be used to detect or preventsecurity issues with a client-side scripting language, such asJavaScript, VBScript or the like. For a basic introduction ofcryptography and network security, see any of the following references:(1) “Applied Cryptography: Protocols, Algorithms, And Source Code In C,”by Bruce Schneier, published by John Wiley & Sons (second edition,1995); (2) “Java Cryptography” by Jonathan Knudson, published byO'Reilly & Associates (1998); (3) “Cryptography & Network Security:Principles & Practice” by William Stallings, published by Prentice Hall;all of which are hereby incorporated by reference.

As will be appreciated by one of ordinary skill in the art, system 100may be embodied as a customization of an existing system, an add-onproduct, upgraded software, a stand-alone system, a distributed system,a method, a data processing system, a device for data processing, and/ora computer program product. Accordingly, system 100 may take the form ofan entirely software embodiment, an entirely hardware embodiment, or anembodiment combining embodiments of both software and hardware.Furthermore, system 100 may take the form of a computer program producton a computer-readable storage medium having computer-readable programcode means embodied in the storage medium. Any suitablecomputer-readable storage medium may be utilized, including hard disks,CD-ROM, optical storage devices, magnetic storage devices, and/or thelike.

The present invention is described herein with reference to blockdiagrams and flowchart illustrations of methods, apparatus (e.g.,systems), and computer program products according to various embodimentsof the invention. It will be understood that each functional block ofthe block diagrams and the flowchart illustrations, and combinations offunctional blocks in the block diagrams and flowchart illustrations,respectively, can be implemented by computer program instructions.

These computer program instructions may be loaded onto a general purposecomputer, special purpose computer, or other programmable dataprocessing apparatus to produce a machine, such that the instructionsthat execute on the computer or other programmable data processingapparatus create means for implementing the functions specified in theflowchart block or blocks. These computer program instructions may alsobe stored in a computer-readable memory that can direct a computer orother programmable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer-readablememory produce an article of manufacture including instruction meanswhich implement the function specified in the flowchart block or blocks.The computer program instructions may also be loaded onto a computer orother programmable data processing apparatus to cause a series ofoperational steps to be performed on the computer or other programmableapparatus to produce a computer-implemented process such that theinstructions which execute on the computer or other programmableapparatus provide steps for implementing the functions specified in theflowchart block or blocks.

Accordingly, functional blocks of the block diagrams and flow diagramillustrations support combinations of means for performing the specifiedfunctions, combinations of steps for performing the specified functions,and program instruction means for performing the specified functions. Itwill also be understood that each functional block of the block diagramsand flowchart illustrations, and combinations of functional blocks inthe block diagrams and flowchart illustrations, can be implemented byeither special purpose hardware-based computer systems which perform thespecified functions or steps, or suitable combinations of specialpurpose hardware and computer instructions. Further, illustrations ofthe process flows and the descriptions thereof may make reference touser windows, webpages, websites, web forms, prompts, etc. Practitionerswill appreciate that the illustrated steps described herein may comprisein any number of configurations including the use of windows, webpages,web forms, popup windows, prompts and the like. It should be furtherappreciated that the multiple steps as illustrated and described may becombined into single webpages and/or windows but have been expanded forthe sake of simplicity. In other cases, steps illustrated and describedas single process steps may be separated into multiple webpages and/orwindows but have been combined for simplicity.

Benefits, other advantages, and solutions to problems have beendescribed herein with regard to specific embodiments. However, thebenefits, advantages, solutions to problems, and any element(s) that maycause any benefit, advantage, or solution to occur or become morepronounced are not to be construed as critical, required, or essentialfeatures or elements of any or all the claims or the invention. Thescope of the present invention is accordingly to be limited by nothingother than the appended claims, in which reference to an element in thesingular is not intended to mean “one and only one” unless explicitly sostated, but rather “one or more.” All structural, chemical, andfunctional equivalents to the elements of the above-described exemplaryembodiments that are known to those of ordinary skill in the art areexpressly incorporated herein by reference and are intended to beencompassed by the present claims. Moreover, it is not necessary for adevice or method to address each and every problem sought to be solvedby the present invention, for it to be encompassed by the presentclaims. Furthermore, no element, component, or method step in thepresent disclosure is intended to be dedicated to the public regardlessof whether the element, component, or method step is explicitly recitedin the claims. No claim element herein is to be construed under theprovisions of 35 U.S.C. 112, sixth paragraph, unless the element isexpressly recited using the phrase “means for.” As used herein, theterms “comprises”, “comprising”, or any other variation thereof, areintended to cover a non-exclusive inclusion, such that a process,method, article, or apparatus that comprises a list of elements does notinclude only those elements but may include other elements not expresslylisted or inherent to such process, method, article, or apparatus.Further, no element described herein is required for the practice of theinvention unless expressly described as “essential” or “critical”.

1. A method comprising: receiving, by a merchant Point of Sale (POS)device for processing a transaction request, a risk triggering value(“RTV”) based upon historical transaction data associated with atransaction account; issuing, by said merchant POS device, a paymentauthorization in response to said transaction request and based uponsaid RTV; and transmitting, by said merchant POS device and in responseto said issuing, current transaction data associated with saidtransaction request to a central processing computer system thatcalculates an updated RTV based upon said RTV and said currenttransaction data.
 2. The method of claim 1, further comprising storing,by said merchant POS device, transaction information resulting from saidtransaction request, wherein said transaction information includes atleast one of: an identifier of said transaction account, a transactionamount, an authorization message, and a decline message.
 3. The methodof claim 1, wherein said historical transaction data includes at leastone of: purchases, cash advances, payments, and disputes relating tosaid transaction account.
 4. The method of claim 1, wherein said issuingfurther comprises issuing said payment authorization based upon acomparison between said RTV and a risk value.
 5. The method of claim 1,wherein said issuing further comprises: calculating, by said merchantPOS device, a risk value for said transaction request, wherein said riskvalue is based in part upon at least one of: an outcome, a transactionvariable and an environmental variable; comparing, by said merchant POSdevice, said risk value to said RTV; and transmitting, by said merchantPOS device, a payment authorization when said risk value is at least oneof: less than and equal to said RTV.
 6. The method of claim 5, furthercomprising forwarding, by said merchant POS device, a risk strategyoutcome of said request to said central authorization system.
 7. Themethod of claim 1, further comprising compiling, by said merchant POSdevice, a set of risk data and strategies by compiling at least one of atransactional variable and an environmental variable.
 8. The method ofclaim 1, further comprising compiling, by said merchant POS device, aset of risk data and strategies by compiling a transactional variable,wherein said transactional variable includes at least one of: atransaction instrument present, account type, account status, consumerlocation, merchant classification, merchant location, token type,current payment status, current billed transactions, current unbilledtransactions, demographic information, financial information, externalcredit information, external scoring information, and transactionamount.
 9. The method of claim 1, further comprising compiling, by saidmerchant POS device, a set of risk data and strategies by compiling anenvironmental variable, wherein said environmental variable includes atleast one of date and time, seasonal holidays, special event, and healthof domain and nodes.
 10. The method of claim 1, further comprisingreceiving an RTV at a distributed processing site, wherein said RTV wasestablished by condensing a set of risk data and strategies, whereinsaid set of risk data and strategies are managed at a central processingsite, and said condensed set of risk data and strategies comprise a risktriggering value (RTV).
 11. The method of claim 1, further comprisingreceiving, by said merchant POS device, the updated RTV in response tosaid transmitting.
 12. The method of claim 11, wherein said updated RTVis received based on at least one of: predetermined number oftransactions, predetermined interval, and predetermined time.
 13. Themethod of claim 1, wherein said transaction account is associated withat least one of: a charge card, a credit card, loyalty account, a debitcard, and a check.
 14. The method of claim 1, wherein said RTV iscalculated by at least one of: said merchant Point of Sale (POS) device,a distributed processing site, a central processing site and a centralauthorization system.
 15. The method of claim 1, wherein said paymentauthorization is performed by at least one of: said merchant Point ofSale (POS) device, a distributed processing site, a central processingsite and a central authorization system.
 16. The method of claim 1,wherein said RTV is cryptographically protected by way of at least oneof: a digital signature and one-way encryption.
 17. The method of claim1, wherein a tamper resistant hardware based security module isimplemented on at least one of: said merchant Point of Sale (POS)device, a distributed processing site, said central processing computersystem, and a central authorization system.
 18. An article ofmanufacture including a non-transitory, tangible computer readablemedium having instructions stored thereon that, in response to executionby a merchant Point of Sale (POS) device for processing a transactionrequest, cause said merchant POS device to perform operationscomprising: receiving, by said merchant POS device, a risk triggeringvalue (“RTV”) based upon historical transaction data associated with atransaction account; issuing, by said merchant POS device, a paymentauthorization in response to said transaction request and based uponsaid RTV; and transmitting, by said merchant POS device and in responseto said issuing, current transaction data associated with saidtransaction request to a central processing computer system thatcalculates an updated RTV based upon said RTV and said currenttransaction data.
 19. A system comprising: a processor associated with amerchant Point of Sale (POS) device for processing a transactionrequest, a tangible, non-transitory memory configured to communicatewith said processor, said tangible, non-transitory memory havinginstructions stored thereon that, in response to execution by saidprocessor, cause said processor to perform operations comprising:receiving, by said processor, a risk triggering value (“RTV”) based uponhistorical transaction data associated with a transaction account;issuing, by said processor, a payment authorization in response to saidtransaction request and based upon said RTV; and transmitting, by saidprocessor and in response to said issuing, current transaction dataassociated with said transaction request to a central processingcomputer system that calculates an updated RTV based upon said RTV andsaid current transaction data.
 20. A method comprising: receiving, by amerchant Point of Sale (POS) device for processing a transactionrequest, a risk triggering value (“RTV”) based upon historicaltransaction data associated with a transaction account; issuing, by saidmerchant POS device, a first payment authorization; wherein a secondpayment authorization was issued by a distributed processing site,wherein said second payment authorization is based upon a load on saiddistributed processing site; and transmitting, by said merchant POSdevice and in response to said issuing, current transaction dataassociated with said transaction request to a central processingcomputer system that calculates an updated RTV based upon said RTV andsaid current transaction data.
 21. A method comprising: receiving, by acomputer-based system for processing a transaction request, a risktriggering value (“RTV”) based upon historical transaction dataassociated with a transaction account, wherein said RTV comprises a sumof trigger points including a long standing customer trigger point, anabove average income trigger point, and a debt to income ratio triggerpoint; issuing, by said computer-based system, a payment authorizationin response to said transaction request and based upon said RTV; andtransmitting, by said computer-based system and in response to saidissuing, current transaction data associated with said transactionrequest to a central processing computer system that calculates anupdated RTV based upon said RTV and said current transaction data.